On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> I installed psionic portsentry tonight and i noticed
> that authorized-scan.security.home.net/24.0.94.130
> tried to connect to tcp 119 on my pc.  Is this a
> random scan or is it something I should be worried
> about???  What happens if they find out that I am
> running Linux???

They won't care about that but if you're running any kind of "server" software
(apache, sendmail, ftpd, telnetd etc) I recommend

ipfwadm -I -a deny -S 24.0.0.0/8

 - a good security precaution as well as preventing them from finding out
what ports you have open.  And you will also have to make exceptions for
the DNS servers, web server, news server and any other @home machines you
need to access.  For example, 

ipfwadm -I -a accept -S 24.1.240.33/32
ipfwadm -I -a accept -S 24.1.240.34/32
ipfwadm -I -a accept -S 24.1.240.71/32

Put those rules in before the "deny" rule because the first matching rule
will set the policy.  And of course the syntax is different for ipchains
(for kernels in the 2.2 series).

Lessee... port 119 is nntp so evidently they were looking for rogue news 
servers.

-- 
  _______                                     http://www.bigfoot.com/~ecloud
 (_  | |_)  ecloud@bigfoot.com   finger rutledge@cx47646-a.phnx1.az.home.com
 __) | | \__________________________________________________________________
 Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903